Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] SecuRemote/SecuClient questions

from Frank Darden [Permanent Link]
Subject: Re: [FW-1] SecuRemote/SecuClient questions
From: Frank Darden <fdarden AT LOCKED DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 23 Jun 2003 15:49:14 -0400 
It would be pointless to lock down to a MAC address anyway. MAC
addresses can easily be altered/spoofed. A better way to manage this
would be user credentials based matching using User Authority, combined
with certificate/token based strong authentication. The IP assignment
per user in Office Mode in AI simply allows you to always associate a
specific IP address with a specific SecurClient user. This is actually a
cool feature in itself, but will not help you with your current issue

Frank


-----Original Message-----
From: Hannu Liljemark [mailto:hannu.liljemark AT LAUREA DOT FI]
Sent: Friday, June 20, 2003 4:17 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecuRemote/SecuClient questions

On Fri, Jun 20, 2003 at 09:49:00AM +0300, Serge Vondandamo wrote:

> 2)Is it possible to attach a SecuRemote/SecuClients user to
> a specific computer (MAC address or something else) so that
> users can not install the software on their home (personal)
> computers and connect to the corporate Network?

I don't think so. According to Whatsnew file, NG AI
SecureClient has some new SCV features like doing your own
SCV tests from exe/bat files, perhaps that could be used,
but you're looking at a do-it-yourself project if the
normal SCV tests aren't enough to make you satisfied
about remote host's security when it's trying to connect
to the internal network.

NG AI also had some way of giving specific IP to each
user. If it used MAC addresses at some point, that might
be an option... but I have no clue if it actually does.


--
(Mr.) Hannu Liljemark  |  Appelsiini Finland Oy  |
http://appelsiini.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] CP NG Secure Remote NG client and MSExchange access, Frank Darden
Next by Date:  [FW-1] LAN address space on WAN help ?, Eric i
Previous by Thread:  Re: [FW-1] SecuRemote/SecuClient questions, Hannu Liljemark
Next by Thread:  Re: [FW-1] SecuRemote/SecuClient questions, Benny Czarny
Indexes:  [Date] [Thread] [Top] [All Lists]